Onapsis Launches Private Beta of Virtual SAP Security Patching Functionality
May 2016 by Marc Jacob
Onapsis announced the official launch of its new virtual patching functionality to provide organizations with immediate protection from exploitable SAP-specific vulnerabilities. The new functionality is currently in private beta for select customers and development partners and will be made generally available in the Onapsis Security Platform (OSP) later in 2016.
Organizations rely on SAP to run critical business processes and to provide vital services to partners, suppliers and customers. If these systems are not properly managed and secured, an attacker could exploit a vulnerability or misconfiguration within SAP to gain access to mission-critical information including customer data, product pricing, financial statements, employee information, supply chains, business intelligence, budgeting, planning and forecasting.
According to the Onapsis Research Labs study titled "Top Three Cyber Attack Vectors for SAP Systems,” it was detected that companies have protracted patching windows averaging 18 months or more. In 2015 alone, over 200 security patches were released by SAP, many of which were ranked “high priority."
With Onapsis’ new capabilities, virtual SAP security patches can be applied to systems as soon as the Onapsis Security Platform identifies new cybersecurity risks and compliance violations. Further, customers subscribing to the OSP Advanced Threat Protection (ATP) service will be protected from SAP zero-day vulnerabilities discovered by the Onapsis Research Labs, gaining exclusive protection against advanced threats.
Onapsis is partnering with several leading Next Generation Intrusion Prevention System providers. Those providers are able to protect the underlying operating systems and databases running and supporting SAP applications, but are unable to provide protection for customized applications such as SAP.
Onapsis Virtual Patching provides the ability to:
– Immediately apply virtual security patches when critical risks are found
– Apply virtual security patches in a staggered manner, only applying the patches against connections from untrusted networks
– Increase ROI on existing IT and security investments
– Protect business critical applications and processes
– Save time and reduce costs when compared to manual patching
– Minimize exposure window to new risks and zero-day vulnerabilities
– Minimize the risk of service disruption from failed manual patches
– Streamline SAP Cloud providers security operations